As health insurance providers continue to request SOC2 HIPAA reports from organizations that offer healthcare-related services, these organizations will continue to need corresponding compliance initiatives.
These audits, which essentially serve as a hybrid of SOC2 (System and Organization Controls) and HIPAA (Health Insurance Portability and Accountability Act) assessments, help validate that security and privacy practices are in place to protect Protected Health Information (PHI), Personally Identifiable Information (PII), and other forms of highly confidential patient data.
NDNB, one of North America’s foremost providers of SOC audit services (i.e., SOC1 SSAE 18, SOC 2, and SOC 3), offers fixed-fee SOC2 HIPAA audit reports for organizations all across the continent. NDNB has established an efficient audit methodology that saves both time and money. Also, thanks to years of experience with HIPAA and regulatory compliance, you can be assured your audit is being handled properly and effectively.
NDNB also offers comprehensive SOC 1 and SOC 2 audits for businesses using Amazon AWS, Microsoft Azure, and Google GCP.
NDNB’s SOC2 HIPAA assessment services consist of the following:
SOC2 HIPAA Scoping: Prior to beginning a SOC2 HIPAA assessment, it is absolutely imperative to define the scope of the assessment. This can require a careful look at which of the HIPAA Security Rule safeguards (§164.308 through §164.316) your organization must comply with, and whether the HIPAA Privacy Rule is also in scope.
SOC2 HIPAA Readiness Assessments & Remediation Services: Once the scope is determined, the next step is a Readiness Assessment to identify any gaps in your internal controls structure. NDNB is well-versed in conducting Readiness Assessments and can provide your organization with remediation recommendations, along with help closing the gaps to move you closer to compliance.
A SOC2 HIPAA Readiness Assessment can reveal any number of areas that need attention. In some cases, technical controls need to be enhanced; in others, properly documenting processes that are already in place is all that is needed for remediation.
Nearly every single Service Organization undergoing a SOC2 HIPAA compliance audit will need to perform some type of remediation; as for how much, and how long it will take, it will depend on the maturity of your organization’s internal controls. You won’t find out how close you are until you get started, so let NDNB help you with the heavy lifting.
SOC2 HIPAA Type 1 Audits: A SOC2 HIPAA Type 1 assessment evaluates the design of an organization's controls as of a defined point in time. It is generally recommended that companies undertake a Type 1 for their first compliance audit before moving on to a Type 2, which tests controls over a defined period (generally six months). Undertaking a Type 1 builds familiarity with the audit process and helps organizations prepare for the more rigorous evidence requests that come with a Type 2.
SOC2 HIPAA Type 2 Audits: As noted above, after successfully completing a SOC2 HIPAA Type 1 audit, most organizations – if not all – move on to annual SOC2 HIPAA Type 2 reports. The shift to a defined test period allows the intended users of these reports to gain a deeper understanding of the operating effectiveness of a firm's controls, not just their design. NDNB has performed hundreds of healthcare compliance audits over the last decade – both Type 1 and Type 2 – so talk to us today about your SOC2 HIPAA reporting needs.